BigEyes Ransomware

Finding that your data has been tampered with by ransomware should make you act immediately. The BigEyes ransomware, which is also identified as LimeDecryptor, is a threat that locks your files by encrypting them once you launch its executable file. The infection encrypts files, appends the extension .lime, and then displays a ransom note. We strongly advise you against following the instructions provided in the ransom warning because nobody can guarantee that you will regain your encrypted files. All that you should do now is remove the BigEyes ransomware and ensure that this situation does not take place again in the future.

The name BigEyes comes from the original name of the file, whereas the name LimeDecryptor is visible to everyone whose computer contains the infection. This threat is delivered through email and RDP services, but other distribution methods may also be employed to spread the infection. As regards emails, you should be very attentive to their senders. If you receive an email from a sender that you do not recognize, and the email contains an attachment or a link to some website, make sure that the email is not an attempt to deceive you. Phishing emails are designed and written to resemble the emails of legitimate service providers. For example, you may receive an invoice for some product, but in reality the file could be an executable file that encrypts or deletes files. The BigEyes ransomware may be disguised as any type of file. Usually, victims are provided with fake .pdf and .doc files. As for RDP connections, you should use strong passwords and block hosts that repeatedly attempt to connect to your device. There are many other methods of malware distribution, such as freeware sharing websites and pop-ups, so you should always use your common sense to prevent unexpected consequences.

The damage caused by the BigEyes ransomware may have some long-term consequences because it encrypts files located on the desktop, where we tend to keep our frequently used files. Additionally, it damages files residing in the Videos, Documents, Pictures, and Music folders.

On the desktop you are likely to notice the files #Background.png, which replaces the desktop image with the ransom note, and #Decryptor.exe, which, when launched, displays a program window containing information very similar to the information in the background image. It is possible to close the program window of the BigEyes ransomware, but that does not change much because you need to remove the ransomware for good.

According to the ransom warning, the encrypted data can be restored if you pay a ransom fee of $100 in Bitcoin. After submitting the payment, you are expected to contact the attackers at r3vo@protonmail.com. Bitcoin is a cryptocurrency whose popularity has significantly increased worldwide and which has been used successfully by ransomware in the past few years. Bitcoin transactions are made anonymously to digital accounts, also called wallets, in a matter of seconds, and the warning displayed by the BigEyes ransomware contains information on how to purchase the currency and pay the release fee. At this point, we want to warn you that the chance of retrieving your encrypted data is close to zero, because ransomware creators are not interested in restoring victims' data. Ransomware is created for monetary gain without the victim in mind, and you should not give in to the temptation to test whether paying works to your advantage.

Instead of wasting your time and money, you should protect yourself from the growing online threats, and you can do so only after removing the BigEyes ransomware. Below you will find the removal instructions that will walk you through the removal process, but our advice is that you rely on a reputable security program. Your computer may be full of other threats, including adware and spyware, and, if you want to browse the Internet safely, you should keep yourself protected whenever connected to the Internet.

How to remove BigEyes Ransomware

Delete all questionable files located on the desktop, including #BackGround.png and #Decryptor.exe.

Press Win+R and type in regedit.

Click OK.

Delete the registry value #Decryptor after following the pathway HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
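
The manual steps above as a PowerShell check, added here as an example and not taken from the original article. It looks only for the indicators this page names (#Background.png, #Decryptor.exe, the #Decryptor Run value, the .lime extension) and deletes nothing unless -Remove is passed; the -Remove switch and the variable names are this example's own.

```powershell
# Added example: checks for the BigEyes/LimeDecryptor indicators named on this page.
# Run as the affected user. Reports only by default; pass -Remove to delete.
param([switch]$Remove)

$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = '#Decryptor'
$desktop = [Environment]::GetFolderPath('Desktop')

# Desktop artifacts named in the article (Windows file names are case-insensitive).
$dropped = @('#Background.png', '#Decryptor.exe' |
    ForEach-Object { Join-Path $desktop $_ } |
    Where-Object { Test-Path -LiteralPath $_ })

# Autostart value under the per-user Run key; $null when it is absent.
$runValue = (Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue).$runName

# Folders the article lists as affected; encrypted files are counted, never touched.
$folders = @('Desktop', 'MyDocuments', 'MyPictures', 'MyMusic', 'MyVideos' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ })
$encrypted = @(Get-ChildItem -LiteralPath $folders -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.lime' })

"Dropped files on desktop : {0}" -f ($dropped -join ', ')
"Run value '$runName'     : {0}" -f $runValue
"Files ending in .lime    : {0}" -f $encrypted.Count

if ($Remove) {
    # A process started from #Decryptor.exe is named '#Decryptor'; stop it so the file is not locked.
    Get-Process -Name '#Decryptor' -ErrorAction SilentlyContinue | Stop-Process -Force
    foreach ($file in $dropped) {
        Remove-Item -LiteralPath $file -Force
    }
    if ($null -ne $runValue) {
        Remove-ItemProperty -Path $runKey -Name $runName
    }
}
```

Run it once without arguments to see what is present, then again with -Remove from the same user account, since both the desktop path and HKCU are per-user.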